If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

DOS Attack on Server!

Hi!
We have hosted an application on our server which gets accessed across the globe. Everything works fine for years but suddenly from last 2 weeks we face issue that users complaint server not responding. Upon checking our Cisco ASA we identified numerous attempts from IP's from CHINA that tries to connect to our Server. As a result our users unable to access the server, although time to time we are blocking the unknown pools using ASA but yet the Attacks keep on coming from different sources.

Current Network Setup is As following: -

ISP => Cisco ASA => SQL Server
||
DC
||
LAN

OS = Windows 2003 (Also running MS ISA 2004)

Our application get accessed from different source machines so we can't directly block all unknown source IP for this particular application using Cisco ASA.

Any suggestion how can we block/minimize these DOS attacks?

One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!

You have several options with you ASA, you can set connection limits to that server, so when it reaches a high volume of hits it will start shunning those connections and prevent an overload on that server. Another option is to just block that ip or range that is hitting your server.